|
2461
|
8.2 |
HIGH
Network
|
-
|
-
|
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter.…
|
CWE-89
SQL Injection
|
CVE-2018-25404
|
2026-05-30 01:32 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2462
|
- |
|
-
|
-
|
Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective comp…
|
-
|
CVE-2026-39229
|
2026-05-30 01:32 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2463
|
8.8 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-10065
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2464
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: …
|
CWE-416
Use After Free
|
CVE-2026-9945
|
2026-05-30 01:29 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2465
|
6.3 |
MEDIUM
Network
|
-
|
-
|
ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterR…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-10101
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2466
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…
|
CWE-416
Use After Free
|
CVE-2026-9946
|
2026-05-30 01:29 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2467
|
- |
|
-
|
-
|
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings…
|
CWE-79
CWE-639
Cross-site Scripting
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45551
|
2026-05-30 01:29 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2468
|
8.7 |
HIGH
Network
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48527
|
2026-05-30 01:29 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2469
|
9.8 |
CRITICAL
Network
|
-
|
-
|
manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-10042
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2470
|
8.2 |
HIGH
Network
|
-
|
-
|
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted …
|
CWE-89
SQL Injection
|
CVE-2018-25382
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
